Ransomware Hackers Are Borrowing Customer-Service Tactics, Say Experts

Ransomware Hackers Are Borrowing Customer-Service Tactics, Say Experts

When hackers set out to extort the town of Tewksbury, Massachusetts with “ransomware,” they followed up with an FAQ explaining the attack and easy instructions for online payment.

After baulking for several days, Tewksbury officials decided that paying the modest ransom of about $600 was better than struggling to unlock its own systems, said police chief Timothy Sheehan.

That case and others show how cybercriminals have professionalised ransomware schemes, borrowing tactics from customer service or marketing, law enforcement officials and security firms say. Some players in the booming underworld employ graphic artists, call centers and technical support to streamline payment and data recovery, according to security firms that advise businesses on hacking threats.

The advancements, along with modest ransom demands, make it easier to pay than fight.

“It’s a perfect business model, as long as you overlook the fact that they are doing something awful,” said James Trombly, president of Delphi Technology Solutions, a Lawrence, Massachusetts, computer services firm that helped three clients over the past year pay ransoms in Bitcoin, the virtual currency. He declined to identify the clients.

Ransomware victims reported total costs from such attacks of $209 million (roughly Rs. 1,386 crores) in the first three months of this year, the FBI said, citing a tally of complaints it has received. That’s up dramatically from $24 million (roughly Rs. 159 crores) for all of 2015.

(Also see:  New Generation of Ransomware Is Emerging)

Costs for victims, beyond ransom, can include large bills for technical support, consultants and security software.

In the December 2014 attack on Tewksbury, the pressure to pay took on a special urgency because hackers disabled emergency systems. That same is true of additional attacks on police departments and hospitals since then. But all sectors of government and business are targeted, along with individuals, security firms said.

Some operations hire underground call centers or email-response groups to walk victims through paying and restoring their data, said Lance James, chief scientist with the cyber-intelligence firm Flashpoint.

Graphic artists and translators craft clear ransom demands and instructions in multiple languages. They use geolocation to make sure that victims in Italy get the Italian version, said Alex Holden, chief information security officer with Hold Security.

While ransomware attacks have been around longer than a decade, security experts say they’ve become far more threatening and prevalent in recent years because of state-of-the-art encryption, modules that infect backup systems, and the ability to infect large numbers of computers over a single network.

Law enforcement officials have long advised victims against paying ransoms. Paying ransoms is “supporting the business model,” encouraging more criminals to become extortionists, said Will Bales, a supervisory special agent for the Federal Bureau of Investigation.

But Bales, who helps run ransomware investigations nationwide from the Washington, DC office, acknowledged that the payoffs make economic sense for many victims.

“It is a business decision for the victim to make,” he said.

Run-of-the-mill ransomware attacks typically seek 1 bitcoin, now worth about $420, which is about the same as the hourly rate that some security consultants charge to respond to such incidents, according to security firms who investigate ransomware cases.

Some attacks seek more, as when hackers forced Hollywood Presbyterian Hospital in Los Angeles to pay $17,000 to end an outage in February.

Such publicized incidents will breed more attacks, said California State Senator Robert Hertzberg, who in February introduced legislation to make a ransomware schemes punishable by up to four years in prison. The Senate’s public safety committee passed the bill on Tuesday and sent it to the appropriations committee for further review.

Some victims choose not to pay. The Pearland Independent School District near Houston refused to fork over about $1,600 in ransom demanded in two attacks this year, losing about three days of work from teachers and students. Instead, the district invested tens of thousands of dollars on security software, said Jonathan Block, the district’s desktop support services manager.

“This threat is real and something that needs to be dealt with,” Block said.

The town of Tewksbury has also upgraded its security technology, but Sheehan says he fears more attacks.

“We are so petrified we could be put into this position again,” he said. “Everybody is vulnerable.”

© Thomson Reuters 2016

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Tags: Apps, Hackers, Internet, Ransomware
[“Source-Gadgets”]

Right time for angel investments, say experts

Angel investors should ideally help start-ups by leveraging their own domain expertise, guide them in customer acquisition and become quasi-entrepreneurs themselves and assist in scaling the business.

Angel investors should ideally help start-ups by leveraging their own domain expertise, guide them in customer acquisition and become quasi-entrepreneurs themselves and assist in scaling the business.

Bengaluru: Start-up funding may be slowing, but this is the right time to make angel investments, since companies being built now will mature when the market becomes favourable again, seasoned investors at a conference for angel investors said.

“When we used to do workshops, we would start the workshop saying, at the end of it, 50% of the people would not want to be angel investors, which is okay. So, the idea is not to grow the numbers, the idea is to get those who get angel investment to enable them to become investors and to make people understand that this is a high risk asset,” said Shanti Mohan, co-founder of LetsVenture, an online platform for start-ups and angel investors that organized the LetsIgnite conference.

India has about 4,000 start-ups, the third largest concentration of start-ups in the world, according to software industry body Nasscom. Many people who want to get a piece of this pie start with angel investments—small amounts for companies beginning to build their businesses. This capital is crucial for start-ups, but what’s also crucial is for the first-time investors to understand that angel investment is about more than putting in some money in a company.

According to Sharad Sharma, a well-known angel investor and Shekhar Kirani, partner at Accel Partners, who jointly conducted a workshop for angel investors at the event, if there is momentum in a specific sector, and if it is being billed as “hot”, then it is too late to invest in it.

“You have to be at least 18 months ahead of the market and think about what’s going to happen at that point,” said Kirani, who was an angel investor in Filpkart Ltd, before his venture capital firm itself invested in the company.

Angel investors should ideally help start-ups by leveraging their own domain expertise, guide them in customer acquisition and become quasi-entrepreneurs themselves and assist in scaling the business.

Both Sharma and Kirani advised first-time investors to start off as passive angel investors and learn from other experienced investors, then become co-leads on a couple of deals and only then become lead angel investors on a deal.

“It is very tempting to fast-forward this, because in India, there is an acute gap in the amount of capital that entrepreneurs want and in the amount of capital that is available, but self-knowledge for an investor is important to realise that it takes time to become an expert angel investor from a novice investor,” said Sharma, who is an angel investor in companies like Druva, Ezetap and Frrole, among others.

Sanat Rao, partner, IDG Ventures, said angel investment will continue despite the overall slowdown.

“While there may be an overall slowdown in the quantum of angel investment if the market itself slows down, angel investment will continue because people who did well at well-funded companies, founders and those below them, are investing themselves now, and all these guys get the best deal flow as entrepreneurs know each other. This is here to stay. It is not going to disappear tomorrow,” said Rao, who made seven angel investments before he became a venture capitalist.

[“source-Livemint”]

US Police Say Criminals Like Apple’s iPhone Because of Encryption

US Police Say Criminals Like Apple's iPhone Because of Encryption

Some criminals have switched to new iPhones as their “device of choice” to commit wrongdoing due to strong encryption Apple Inc has placed on their products, three law enforcement groups said in a court filing.

The groups told a judge overseeing Apple’s battle with the US Department of Justice on Thursday that, among other things, they were aware of “numerous instances” in which criminals who previously used so-called throwaway burner phones have now switched to iPhones. They did not list a specific instance of this practice.

The brief by the Federal Law Enforcement Officers Association and two other also cited a jailhouse phone call intercepted by New York authorities in 2015, in which the inmate called Apple’s encrypted operating system “another gift from God.”

The government obtained a court order last month requiring Apple to write new software to disable passcode protection and allow access to an iPhone used by one of the shooters in the December killings in San Bernardino, California.

Apple asked that the order be vacated, arguing that such a move would set a dangerous precedent and threaten customer security.

Tech industry leaders including Google, Facebook and Microsoft and more than two dozen other companies filed legal briefs on Thursday supporting Apple. The Justice Department received support from law enforcement groups and six relatives of San Bernardino victims.

(Also see:  Husband of San Bernardino Attack Victim Takes Apple’s Side in FBI Spat)

The law enforcement groups said in their brief that Apple’s stance poses a grave threat to investigations across the country.

They listed several instances where Apple previously turned over data, and in one case, that cooperation helped clear an innocent man suspected of a homicide.

Apple has said it respects the FBI and has cooperated by turning over data in its possession. “Apple complies with valid subpoenas and search warrants,” Tim Cook said in a letter to customers last month.

The San Bernardino request is different, Apple says, because it requires them to crack a phone with a software tool that does not currently exist.

Law enforcement officials have said that Rizwan Farook and his wife, Tashfeen Malik, were inspired by Islamist militants when they shot and killed 14 people and wounded 22 others on December 2 at a holiday party in San Bernardino. Farook and Malik were later killed in a shootout with police, and the FBI said it wants to read the data on Farook’s work phone to investigate any links with militant groups.

© Thomson Reuters 2016

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Tags: Apple, Apple vs FBI, Encryption, FBI, iPhone, Tim Cook
[“Source-Gadgets”]

We feel cheated by BJP’s communal politics, say Patel leaders in Gujarat

We feel cheated by BJP’s communal politics, say Patel leaders in Gujarat
Photo Credit: Sam Panthaky/AFP
21.2K
Total Views

On August 25, 2015, even as Rahul Desai joined thousands of Hardik Patel supporters in a rally demanding caste-based reservations for Patidars, he could never have imagined that he would be spewing venom against the Bharatiya Janata Party one day.

But six months after the infamous Patel rally, which led to rioting and vandalism in Ahmedabad and reported police atrocities on Patidars across Gujarat, Desai cannot contain his bitterness against the party ruling both the Centre and the state. The 31-year-old Desai is the Ahmedabad West convenor of Hardik Patel’s Patidar Anamat Andolan Samiti, and has been actively mobilising community members ever since Hardik Patel and other leaders of the organisation were arrested on sedition charges in October.

“In all my speeches, I remind people that we Patels have supported the BJP for years, not just through votes but also through notes,” said Desai, speaking to Scroll.in on a busy street in Ahmedabad’s Bapunagar suburb. “Patidar money helped BJP rise to power, and now look how they are treating us. We cannot let them win in the state election next year.”

Rahul Desai, a convener for the Patidar Anamat Andolan Samiti in Ahmedabad
Rahul Desai, a convener for the Patidar Anamat Andolan Samiti in Ahmedabad

Police atrocities unpunished?

Like many of the Patels around him, Desai’s grouse isn’t merely that the BJP is refusing to grant Other Backward Class status to the Patidar caste. The more immediate complaint, he says, is that the state government of Anandiben Patel has so far allowed the Gujarat police to get away with impunity with the many crimes it allegedly committed in the days after August 25, 2015.

For two days after the rally, in Bapunagar, Naroda, Ranip and other Patel-dominated neighbourhoods of Ahmedabad, army and Gujarat police personnel reportedly assaulted residents in their homes, vandalised their windows and cars, and made sexualised threats towards women. Similar allegations were made by Patidars in Surat, Mehsana, Patan and other parts of Gujarat.

Six months on, hundreds of Patel men have been slapped with what Desai calls “predominantly false” charges of looting, rioting, murder and attempt to murder. “But not a single FIR has been lodged against the police for breaking into our homes, beating innocent men and women, and destroying so much of our property,” he said. “We have gone to file complaints several times in the past few months, but none of it gets formally lodged as an FIR.”

The only case filed against the police so far has to do with the custodial death of Shwetang Patel, a 30-year-old from Bapunagar, and it was lodged only after the Gujarat High Courtordered the Criminal Investigation Department to take over the case. “All these months later, the CID’s investigations are going nowhere,” said Desai, one of the many Patidar Samiti members who pursued the registration of the First Information Report in Shwetang Patel’s case. “Only two policemen have been suspended so far, and they are both constables with desk jobs who could not have been involved in the beatings that led to Shwetang’s death.”

‘Congress did well because of Patels’

For many Patels, the outrage at such police “harassment” and the lack of media sympathy for their plight has led to a compounded frustration with the BJP government and its leaders.

The Patidar demand for OBC reservation was born out of growing unemployment, corruption in higher education and the alleged failure of Narendra Modi’s famed Gujarat model of development. Six months ago, the criticism of the BJP, which has ruled the state for 20 years, was guarded and hesitant. Now, as Patels struggle to cope with a newfound fear of the police and the perceived indifference of the state and Central governments, the anti-BJP sentiment has been pouring out.

When Gujarat had its local body elections in December 2015, the Congress won an unprecedented 21 district panchayats out of 31, even though the BJP retained its hold on civic bodies in urban areas. “The Congress did so well in rural Gujarat because of us Patels,” said Maheshbhai Patel, a diamond polisher from Bapunagar. “We could have made the BJP lose in urban areas also, but the names of at least five lakh Patels were taken off the voters list.”

Despite these allegations, Maheshbhai Patel is relieved that in India Colony, a neighbourhood within Bapunagar, all four civic corporators who won the election are from the Congress. In Mehsana, the local Patidar Samiti president Lalbhai Patel states with pride that the new chairman of the Mehsana municipal corporation’s town planning department is a Muslim woman from the Congress – Allahrakhi Belim. “This is the first time in years that a Muslim has held a post of authority at the municipal level in Mehsana, and the Patels are in a way responsible for that,” said Lalbhai Patel.

‘Godhra train burning was a BJP plan’

Six months ago, Patidars were uncomfortable bringing up the obvious parallels between the police atrocities they faced and the Muslim victims of the 2002 communal riots in Gujarat. But today, Patidar Samiti leaders like Rahul Desai and Lalbhai Patel are candid enough to raise the communal question themselves as they lash out against the BJP.

“The BJP is fundamentally a communal party that has been planting its ideology of fearing Muslims for years now,” said Desai. “I can tell you with certainty that Modi would never have been re-elected as the chief minister in 2002 if it had not been for the Godhra train burning.”

In February 2002, a mob at Godhra railway station killed 59 commuters of the Sabarmati Express by setting fire to its coaches. Thirty one Muslims were later convicted. The arson was followed by intense communal riots across Gujarat in which more than a thousand people died. Desai, who was in school at the time, remembers being shown videos of the Godhra train burning in class.

“They were doing it to propagate the idea that all Hindus need to come together or else the Muslims would kill us,” said Desai. “I don’t know if the men who burnt the train were Muslims or not, but I know that the Godhra train burning was a pre-planned political stunt by the BJP to win the state election later that year.”

When communal thinking takes root, says Desai, it is very difficult to get rid of. “Because of the BJP’s propaganda, all of us began to think communally, and I feel kind of cheated now,” he said. “Even today, people are afraid that Muslims will riot against them, but honestly, even if they don’t, the BJP will get it done.”

‘Such politics leads to Naxalism’

Desai acknowledges that he may not be speaking for all Patidars in Gujarat, but he is certain that all other members of the Patidar Andolan Samiti share his views.

In Mehsana, Lalbhai Patel could not agree more. “Of course, Godhra and the 2002 riots were orchestrated by the BJP. It is obvious to us now, but back then it wasn’t,” said Lalbhai Patel. “Last time they targeted Muslims. Now they are allowing the Patels to be persecuted. This is exactly the kind of politics that leads to the creation of Naxals.”

For now, Patidar leaders are in no mood to support the party they were once loyal to in the state Assembly election next year. But even as the community accepts help from the Congress to fight various cases against Patidar men, Desai and Lalbhai are firm that Patel allegiance will not blindly bend towards the Congress this election.

“We will vote for whoever gives in to our demands – both reservations and justice for the police atrocities,” said Lalbhai Patel. “The Patidars are already now building connections with OBC Thakors and Miyas [Muslims], so you never know – even a third front might come up.”

[“source-Scroll”]